Cisco Systems Intelligent Gigabit Ethernet Switch Module Appendix A. Security and QoS Configuration Messages

Appendix A. Security and QoS Configuration Messages

This appendix describes the switch error messages for configuri ng network security

with access control lists (ACLs) and for configuring quality of service ( QoS). In Tab le 4,

Access Control Parameters (ACPs) are referred to as masks. For more information

about ACPs, refer to the software configuration guide for this release.

Table 4. Common ACL Error Messages .

Error Message Explanation and Suggested Solution

%Error:Class-map [class-map name] has a

different mask than the Policymap

[policy-map name]

This error message means that the policy map has a

different mask than the class map.

Use the same mask in both the class map and the polic y

map.

%Error:Class-maps have a mix of System

Defined

and User Defined masks within the

Policymap

[policy-map name]

This error message means that a combination of system-

defined and user-defined masks has been used in the

multiple class maps that are part of a poli cy map.

Class maps that are in a policy map cannot have ACLs that

use both system-defined masks and user-defined masks.

%Error:System Defined ACEs of TCP/UDP and

cannot exist together in a policy-map.

Check

policy-map :[policy-map name]

This error message means that a combination of Layer 3

system-defined access control entries (ACEs) and Layer 4

system-defined ACEs is in the same policy map.

A policy map cannot have both Layer 3 system-defined

ACEs and Layer 4 system-defined ACEs.

Note: You cannot have masks such as permit tcp any

any, permit udp an y any, and permit ip any any within

the same policy map.

%Error:Service-Policy is not supported on

VLAN

interface

This error message means that you have tried to attach a

policy map to a VLAN interface.

A policy map can be attached only to a physical interface.

%Error:Invalid policy-map This error message means that the policy map is invalid.

This message is normally preceded by a more explicit er ror

message that gives details about the reasons for the

invalidity of the policy map.

%Error:Match Numbered Attach Filter :ONLY

one

ACL allowed in a class-map

This error message means that there was an attempt to add

another numbered ACL in the class map.

Only one ACL is allowed in a class map.

%Error:Deny ACE not supported in access-

group

within a class-map.

Check class-map : [class-map name]

This error message means that a deny ACE has been

entered in an access group within a class map.

A deny ACE is not supported in an access group within a

class map.

%Error:System Defined and User Defined

ACEs

cannot exist together in access-group

within a

class-map.

Check class-map : [class-map name]

This error message means that a combination of system-

defined and user-defined masks has been used in an

access group within a class map.

The access group in a class map cannot have ACLs that

use both system-defined masks and user-defined masks.